JSPM

  • License Apache-2.0

AEGIS Security Scanner — Governed Cyber Reasoning System

Package Exports

  • @raknor/aegis
  • @raknor/aegis/lib/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@raknor/aegis) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

AEGIS Security Scanner

AEGIS is a governed Cyber Reasoning System (CRS) that discovers vulnerabilities, proves exploitability, synthesizes patches, and deploys fixes -- all under the Equilateral governance architecture with cryptographic audit trails. This free npm package provides a capped security scanner to evaluate your codebase for common vulnerability patterns across 12 languages.

Quick Start

# One-shot scan (no install required)
npx @raknor/aegis scan ./my-project

# Or install globally
npm install -g @raknor/aegis
aegis scan ./my-project

# JSON output for CI integration
aegis scan ./src --json

What's Included

Free Tier (this package)

  • Regex-based pattern matching for 16 vulnerability classes
  • CWE-78 Command Injection, CWE-79 XSS, CWE-89 SQL Injection, CWE-94 Code Injection, CWE-120 Buffer Overflow, CWE-327 Weak Crypto, CWE-502 Unsafe Deserialization, CWE-798 Hardcoded Credentials, and more
  • Scans JS, TS, Python, Java, Go, C#, C, C++ source files
  • Capped at 50 findings and 500 files per scan
  • Severity classification (Critical / High / Medium / Low)
  • CWE distribution summary
  • Compliance framework readiness preview — visual pass/fail indicators for FedRAMP High / Moderate, SOC 2 Type II, ISO 27001:2022, PCI-DSS v4.0, HIPAA, DORA (EU), NIST CSF 2.0, and CMMC Level 2

Pro Tier (SaaS)

Everything in Free, plus:

  • Tree-sitter AST analysis across 8 languages (not regex -- real parsing)
  • Cross-file taint analysis with 70+ sources and 100+ sinks
  • CVSS 3.1 scoring with CISA KEV and EPSS enrichment
  • 12-framework compliance mapping (NIST, FedRAMP, DORA, CMMC, ISO 27001, OWASP, PCI-DSS, HIPAA, EU AI Act, SEC/FINRA, DoD SRG, SOC2)
  • 22+ report formats: SARIF, OSCAL, HTML, STRIDE, VEX, SBOM, and more
  • Automated patch synthesis and verification
  • Hash-chained provenance for tamper-evident audit trails
  • Delta scanning for CI/CD pipelines (scans only changed files)
  • Secret detection (11 patterns) and dependency accuracy auditing

Enterprise Tier (Docker)

Everything in Pro, plus:

  • Self-hosted Docker container for air-gapped / on-prem environments
  • Full Rust binary (~5 MB) scanning 1.5M LOC in 40 seconds
  • White-label branding support
  • M&A due diligence report generation
  • Evidence bundle generation for FedRAMP, DORA, ISO 27001 certification

Compliance Framework Readiness

Every scan produces a preview indicator for nine compliance frameworks, based on the severity and class of findings detected. Example output (ASCII bars with status):

  FedRAMP High      [███████████████░░░░░]  75%  BLOCKED
  FedRAMP Moderate  [███████████████░░░░░]  75%  BLOCKED
  SOC 2 Type II     [███████████████░░░░░]  75%  BLOCKED
  ISO 27001:2022    [███████████████░░░░░]  75%  BLOCKED
  PCI-DSS v4.0      [███████████████░░░░░]  75%  BLOCKED
  HIPAA             [███████████████░░░░░]  75%  BLOCKED
  DORA (EU)         [███████████████░░░░░]  75%  BLOCKED
  NIST CSF 2.0      [███████████████░░░░░]  75%  READY
  CMMC Level 2      [███████████████░░░░░]  75%  BLOCKED

This is a preview indicator only. The free scan is regex-based and cannot see taint flows, control coverage, SBOM health, or provenance. Real certification scoring requires the Pro tier, which produces OSCAL evidence bundles suitable for FedRAMP / DORA / ISO audit submission.

Programmatic API

const { scan, computeReadiness } = require('@raknor/aegis');

const result = scan('/path/to/project', {
  maxFindings: 50,
  maxFiles: 500,
});

console.log(result.findings);        // Array of finding objects
console.log(result.severity);         // { critical, high, medium, low }
console.log(result.cweDistribution);  // CWE breakdown

// Framework readiness preview (nine frameworks)
const readiness = computeReadiness(result);
console.log(readiness['FedRAMP High']);
// { score: 75, status: 'BLOCKED', critical: 1, high: 0, secrets: 0 }
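A CI gate built on the shapes documented above, added here as an example and not part of the @raknor/aegis package: it reads `result.severity`, `result.findings` and the per-framework entries from `computeReadiness`, fails the build on policy violations, and treats a result that hits the 50-finding free-tier cap as incomplete. The policy thresholds, the sample data and the fields inside each finding object are assumptions.

```javascript
// Added example, not code from the @raknor/aegis package. It consumes the
// result shapes shown above (result.severity, result.findings and the
// per-framework entries from computeReadiness) and makes a CI pass/fail
// decision. Policy thresholds, sample data and the finding fields are
// constructed; the free-tier caps are the ones stated in the README.
const FREE_TIER_CAPS = { maxFindings: 50, maxFiles: 500 };

// Gate policy (assumed): no Critical, at most two High, listed frameworks READY.
const DEFAULT_POLICY = { maxCritical: 0, maxHigh: 2, requiredFrameworks: ['NIST CSF 2.0'] };

function evaluateGate(result, readiness, policy = DEFAULT_POLICY) {
  const reasons = [];
  const { severity, findings } = result;
  if (severity.critical > policy.maxCritical) {
    reasons.push(`critical=${severity.critical} exceeds limit ${policy.maxCritical}`);
  }
  if (severity.high > policy.maxHigh) {
    reasons.push(`high=${severity.high} exceeds limit ${policy.maxHigh}`);
  }
  for (const framework of policy.requiredFrameworks) {
    const entry = readiness[framework];
    if (!entry) {
      reasons.push(`no readiness entry for ${framework}`);
    } else if (entry.status !== 'READY') {
      reasons.push(`${framework} is ${entry.status} at ${entry.score}%`);
    }
  }
  // The free scan stops at 50 findings, so a result that reaches the cap may
  // be incomplete: fail the gate instead of treating it as a full picture.
  const truncated = findings.length >= FREE_TIER_CAPS.maxFindings;
  if (truncated) {
    reasons.push(`findings reached the cap of ${FREE_TIER_CAPS.maxFindings}; scan may be incomplete`);
  }
  return { pass: reasons.length === 0, truncated, reasons };
}

// Constructed sample; the readiness entries mirror the README's example values.
const sampleResult = {
  findings: [{ cwe: 'CWE-798', severity: 'critical', file: 'src/config.js', line: 12 }],
  severity: { critical: 1, high: 0, medium: 0, low: 0 },
  cweDistribution: { 'CWE-798': 1 },
};
const sampleReadiness = {
  'FedRAMP High': { score: 75, status: 'BLOCKED', critical: 1, high: 0, secrets: 0 },
  'NIST CSF 2.0': { score: 75, status: 'READY', critical: 1, high: 0, secrets: 0 },
};
```

In a pipeline step, pass the real output of `scan()` and `computeReadiness()` to `evaluateGate()` and exit non-zero when `pass` is false.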

Upgrade

For full capabilities, visit raknor.ai/pricing.

License

Apache-2.0 -- Pareidolia LLC (d/b/a Raknor AI)